SQL Injection Vulnerability in CMS für Motorrad Werkstätten Plugin for WordPress
CVE-2026-6674

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Plugin: Cms Für Motorrad Werkstätten
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-6674?

The CMS für Motorrad Werkstätten plugin for WordPress contains a vulnerability that allows authenticated attackers with subscriber-level access and above to exploit the 'arttype' parameter through SQL Injection. This vulnerability arises from insufficient parameter escaping and inadequate preparation of SQL queries, which can lead to the execution of arbitrary SQL queries. Attackers could manipulate existing queries, potentially exposing sensitive data from the database, posing a significant risk to site security.

Affected Version(s)

Plugin: CMS für Motorrad Werkstätten 0 <= 1.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/cms-fuer-motor...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 20, 2026

Credit

Régis SENET

CVE-2026-6674 Data

JSON